SymfonyCasts / verify-email-bundle

Simple, stylish Email Verification for Symfony
https://symfonycasts.com
MIT License

Adding extra parameters after generating URL #195

Open erikas-tranauskas opened 1 week ago

erikas-tranauskas commented 1 week ago

So I have this issue with sending verification emails through Salesforce. They always add some extra query parameters to the URL before adding the link into the email.

I see that if you add any extra parameter to the URL, the verification process fails, and it won't work unless you add those parameters while generating the URL itself.

Is there any way to add an extra parameter after the verification link has been generated?

bocharsky-bw commented 1 week ago

Why does Salesforce do this? What extra parameters exactly? Are the extra parameters always the same? I mean, how can you guarantee that those query parameters won't change in the future, or that their values won't change? It sounds like even if you were able to add some extra query parameters, you are still not 100% sure what Salesforce will add, right?

erikas-tranauskas commented 1 week ago

> Why does Salesforce do this? What extra parameters exactly? Are the extra parameters always the same? I mean, how can you guarantee that those query parameters won't change in the future, or that their values won't change? It sounds like even if you were able to add some extra query parameters, you are still not 100% sure what Salesforce will add, right?

Those are added by my company's Salesforce managers, I believe. Used to track some data about clicking anything in the verification email itself. So basically, yeah, I am not sure which parameters will be used and if new ones will appear sometime in the future.

For now I just update the query parameters (by removing the extra ones and just leaving the ones needed for this bundle) of the Symfony Request used to validate the email.

jrushlow commented 6 days ago

> Is there any way to add an extra parameter after the verification link has been generated?

There is not a mechanism to modify the signed URL once it has been generated by https://github.com/SymfonyCasts/verify-email-bundle/blob/8d149792e212c1170ac64cb4ef07d642435a42f4/src/VerifyEmailHelper.php#L56

I'm not familiar with Salesforce, but I believe if you generate a signed URL -> modify the signed URL (e.g. what it sounds like Salesforce is doing) -> attempt to validate the malformed signed URL -> validation will fail.

The best solution (although it may not be possible in your situation) would be to pass extra query params to https://github.com/SymfonyCasts/verify-email-bundle/blob/8d149792e212c1170ac64cb4ef07d642435a42f4/src/VerifyEmailHelper.php#L56 as the $extraParams argument in your controller. Then those params would become a part of the signature.

Else, you would need to "sanitize" the signed URL before validation by removing any params that were not used when the signature was generated. See: https://github.com/SymfonyCasts/verify-email-bundle/blob/main/README.md#reserved-query-parameters


For v2, we could create a configuration-based mechanism to remove some/all extra query params in https://github.com/SymfonyCasts/verify-email-bundle/blob/79ec4293c37ea03df772820ad6c41e758fd44e0b/src/VerifyEmailHelper.php#L61 though I have not fully thought out the consequences for doing so in the bundle.

erikas-tranauskas commented 6 days ago

> Is there any way to add an extra parameter after the verification link has been generated?
>
> There is not a mechanism to modify the signed URL once it has been generated by https://github.com/SymfonyCasts/verify-email-bundle/blob/8d149792e212c1170ac64cb4ef07d642435a42f4/src/VerifyEmailHelper.php#L56
>
> I'm not familiar with Salesforce, but I believe if you generate a signed URL -> modify the signed URL (e.g. what it sounds like Salesforce is doing) -> attempt to validate the malformed signed URL -> validation will fail.
>
> The best solution (although it may not be possible in your situation) would be to pass extra query params to https://github.com/SymfonyCasts/verify-email-bundle/blob/8d149792e212c1170ac64cb4ef07d642435a42f4/src/VerifyEmailHelper.php#L56 as the $extraParams argument in your controller. Then those params would become a part of the signature. Else, you would need to "sanitize" the signed URL before validation by removing any params that were not used when the signature was generated. See: https://github.com/SymfonyCasts/verify-email-bundle/blob/main/README.md#reserved-query-parameters
>
> For v2, we could create a configuration-based mechanism to remove some/all extra query params in https://github.com/SymfonyCasts/verify-email-bundle/blob/79ec4293c37ea03df772820ad6c41e758fd44e0b/src/VerifyEmailHelper.php#L61 though I have not fully thought out the consequences for doing so in the bundle.

Thank you. Yes, sanitization indeed helps. I believe this could even be implemented into the bundle itself. Just clean all the extra parameters that might be added by some email service providers.
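
A self-contained PHP sketch of the sanitize-before-validate approach discussed in this thread, added here as an example and not taken from the bundle or from any commenter. It models the signed link with a plain HMAC over the URL; the secret, the host, the parameter names in `ALLOWED` and the `utm_*` tracking parameters are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Simplified model of a signed verification link, NOT the bundle's own code.
const SECRET  = 'constructed-demo-secret';                // constructed value
const ALLOWED = ['id', 'expires', 'token', 'signature'];  // assumed parameter names

function hmacUrl(string $url): string
{
    return hash_hmac('sha256', $url, SECRET);
}

/** Build the link and append an HMAC computed over everything before it. */
function generateSignedUrl(string $base, array $params): string
{
    $unsigned = $base.'?'.http_build_query($params);
    return $unsigned.'&signature='.hmacUrl($unsigned);
}

/** Split a URL into [base, query array], keeping parameter order. */
function splitUrl(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    return [strtok($url, '?'), $query];
}

/** Strict check: every query parameter except the signature is covered. */
function isValid(string $url): bool
{
    [$base, $query] = splitUrl($url);
    $given = $query['signature'] ?? '';
    unset($query['signature']);
    return is_string($given)
        && hash_equals(hmacUrl($base.'?'.http_build_query($query)), $given);
}

/** Allow-list: drop every parameter that was not in the link when it was signed. */
function sanitize(string $url): string
{
    [$base, $query] = splitUrl($url);
    return $base.'?'.http_build_query(array_intersect_key($query, array_flip(ALLOWED)));
}

$link     = generateSignedUrl('https://app.example/verify', ['id' => '42', 'expires' => '1900000000', 'token' => 'abc123']);
$tracked  = $link.'&utm_source=newsletter&utm_campaign=welcome'; // params appended by the mailer
$tampered = str_replace('id=42', 'id=43', $tracked);             // a signed value was changed

var_dump(isValid($link));               // untouched link
var_dump(isValid($tracked));            // appended params become part of the checked string
var_dump(isValid(sanitize($tracked)));  // only allow-listed params reach the check
var_dump(isValid(sanitize($tampered))); // sanitizing does not excuse a changed signed value
```

The allow-list has to contain every name passed as `$extraParams` when the link was generated, otherwise sanitizing removes a signed parameter and validation fails for legitimate links. Removing by deny-list (known tracking names) is weaker, because any new parameter the mail platform introduces breaks verification again.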